Security Alerts and Updates

Latest Security Updates for Apple Software
Latest Security Tests from AV-Comparatives

May 2021 (Click listings for more information).
06  Dell is fixing vulnerabilities in a firmware update driver.
06  Qualcomm vulnerability impacts many mobile phones.
05  Firefox 88.0.1, Firefox for Android 88.1.3, security updates.
05  Malicious Office 365 apps are the ultimate insiders.
05  Peloton’s leaky API spilled riders’ private data.
05  Windows Defender bug fills up Windows 10 boot drive.
04  Network Solutions & hit by DNS outage.
04  Office non-Security Updates have been published.
04  Chrome adopts Windows 10 exploit protection feature.
04  Reddit is currently facing an outage.
04  Vulnerable Dell driver puts millions of systems at risk.
04  Apple Releases Security Updates.
04  Samsung ends security updates for the Galaxy S8 & S8+.
03  Apple fixes 2 iOS zero-day vulnerabilities used in attacks.
03  Scripps Health cyberattack causes hospital outages.
03  New Attacks Slaughter All Spectre Defenses.
03  New malware downloader rewritten in E-Z Rust language.
02  This Week in Security – by Zack Whittaker.
02  How to stop Win10 Defender from uploading files to Microsoft.
01  Optional weekend task: How to remove IE – by Susan Bradley.

April 2021 (Click listings for more information).
30  The Week in Ransomware – Attacks Escalate.
30  Linux Mint 18.x reaches end of life, upgrade now.
30  Stolen ParkMobile data is now free for wannabe scammers.
30  MS-DEFCON 4: Patching is approved – by Susan Bradley.
29  Microsoft finds critical code execution bugs in IoT, OT devices.
29  PowerToys 0.37 out with a bunch of improvements.
29  Disabling Windows 10 experiments blocks Known Issue Rollback fixes.
29  Vivaldi 3.8 update banishes annoying cookie messages.
29  QNAP warns of ransomware attacks on NAS devices.
29  Task Force Seeks to Disrupt Ransomware Payments.
28  Microsoft releases Windows 10 build 19042.964, 19041.964.
28  Chrome 90 update fixes nine security vulnerabilities.
28  Chase Bank phish swims past Exchange email protections.
28  Experian API exposed credit scores of most Americans.
27  Linux kernel bug opens door to wider cyberattacks.
27  FBI shares Emotet email addresses with Have I Been Pwned.
27  Surface Pro X with SQ2 processors receive firmware updates.
26  Apple released iOS & iPadOS 14.5 with many new features.
26  Fixed: macOS zero-day bug exploited by Shlayer malware.
26  Nvidia: severe security bugs in GPU driver, vGPU software.
26  Microsoft Defender now blocks cryptojacking malware.
26  Experian’s Credit Freeze Security is Still a Joke.
25  This Week in Security – by Zack Whittaker.
25  Emotet malware nukes itself from all infected computers.
24  Weekend task: changes to New Edge – by Susan Bradley.
24  Emergency fix for Windows 10 KB5001330 gaming issues.
23  The Week in Ransomware – A brutal week.
23  Password manager hacked in a supply chain attack.
23  5 fundamental but effective IoT device security controls.
22  Win10 1909 KB5001396 cumulative update preview released.
22  QNAP fixes fault in NAS backup, disaster recovery app.
22  Telegram platform abused in ‘ToxicEye’ malware campaigns.
22  How to block KB5001330 update affecting game performance.
22  Attackers can hide ‘external sender’ email warnings.
21  Autoruns is crashing when listing Windows 10 startups.
21  Chrome OS gets a handful of usability updates.
21  Facebook vulnerability can allow scraping of users’ email.
21  Windows 10 now lets you seamlessly run Linux GUI apps.
21  QR codes offer easy cyber attack avenues as usage spikes.
21  Google fixes exploited Chrome zero-day dropped on Twitter.
20  Microsoft partially fixes Windows 7, Server 2008 vulnerability.
20  Tails 4.18 released, users urged to upgrade now.
20  Fake Microsoft Store, Spotify sites spread info-stealing malware.
19  Geico breach exposed customers’ driver’s license numbers.
19  Mozilla releases final Firefox version before Proton upgrade.
19  Google Alerts continues to be a hotbed of scams & malware.
19  Microsoft disables Google’s FLoC tracking in Microsoft Edge.
19  Zoom boosts user privacy with new notification warnings.
18  This Week in Security – by Zack Whittaker.
18  WordPress to automatically disable Google FLoC on websites.
17  Weekend task: How to best ask a question – by Susan Bradley.
17  Twitter is suffering from another worldwide outage today.
17  Microsoft fixes Win10 bug that can corrupt NTFS drives.
16  The Week in Ransomware – The Houston Rockets.
16  Windows 10 update causing DNS and shared folder issues.
16  Instagram Android app is crashing for some, here’s the fix.
15  Windows Terminal released with new settings UI & more.
15  Mozilla drops Firefox support on Amazon Fire TV.
15  Edge’s new Kids Mode is now rolling out to everyone.
14  Chrome 90 released with HTTPS as the default protocol.
14  Second Google Chrome zero-day exploit dropped on Twitter.
14  Vivaldi, Brave, DuckDuckGo reject Google’s FLoC ad tracking.
13  Patch Tuesday: Here’s what’s new for Windows 7 and 8.1.
13  Win10 Cumulative Updates KB5001330 & KB5001337 released.
13  Linux, macOS malware hidden in Browserify NPM package.
13  Microsoft April Patch Tuesday fixes 108 flaws, 5 zero-days.
13  Google Releases Security Updates for Chrome.
13  Microsoft Edge Legacy nuked by April Windows Updates.
13  Adobe fixes vulnerabilities in Photoshop & Digital Editions.
13  Warning: W-2 phishing scam targeting the 2021 tax season.
12  Chrome, Edge zero-day vulnerability shared on Twitter.
12  CS:GO, Valve Source games vulnerable to hacking.
12  ParkMobile breach exposes data of 21M users.
12  IcedID circulates via web forms, Google URLs.
11  This Week in Security – by Zack Whittaker.
11  Mozilla flooded with requests after Apple privacy changes.
11  Windows 10 1909 reaches end of service next month.
10  Weekend task: change your Office – by Susan Bradley.
10  Joker malware infects over 500,000 Huawei Android devices.
10  Android malware found embedded in APKPure store app.
10  Microsoft has released firmware updates for the Surface Pro 7.
09  The Week in Ransomware – Massive ransom demands.
09  DuckDuckGo updates extension to block Google’s tracking.
09  Surface Pro 6 gets new driver and firmware updates.
08  Chrome blocks a new port to stop NAT Slipstreaming attacks.
08  IcedID Banking Trojan Surges: The New Emotet?
08  Surface Studio 2 gets updates with general improvements.
08  Microsoft Office 365 phishing evades detection with HTML.
08  Tech support scammers lure victims with fake antivirus billing.
07  Hackers increasingly using web shells to steal credit cards.
07  Attackers Blowing Up Discord, Slack with Malware.
07  Google Forms & Telegram used to collect phished credentials.
07  Gigaset Android phones infected via hacked update server.
07  Android malware infects Netflix thieves via WhatsApp.
06  Ransomware gangs are stuck supporting Windows XP.
06  Are you one of the 533M people who got Facebooked?
06  April Office non-Security Updates are now available.
05  Windows Update for Business isn’t just for business.
05  LinkedIn spear-phishing campaign targets job hunters.
05  Apple Mail zero-click vulnerability allows email snooping.
04  This Week in Security – by Zack Whittaker.
04  Check if your info was exposed in the Facebook data leak.
03  Weekend task: Event Viewer – by Susan Bradley.
03  Malware attack is preventing car inspections in 8 US states.
03  533 million Facebook users’ phone numbers leaked.
02  Capital One notifies more clients of the 2019 data breach.
02  Robinhood warns customers of tax-season phishing scams.
01  Microsoft services are facing outages due to a DNS issue.
01  Legacy QNAP NAS devices vulnerable to a zero-day attack.
01  Phishing attacks use vaccine surveys to steal personal info.
01  PowerToys 0.35 released with various improvements.
01  Microsoft fixes Outlook ‘Cannot send this item’ email bug.
01  Ubiquiti cyberattack may be far worse than first disclosed.

March 2021 (Click listings for more information).
31  Apple, Google tracks mobile telemetry data, despite opt-out.
31  BazarCall malware uses call centers to infect victims.
31  Malware in game cheats & mods used to target gamers.
30  Scammers target universities in IRS phishing attacks.
30  Whistleblower: Ubiquiti Breach “Catastrophic”.
30  VMware fixes bug allowing theft of admin credentials.
29  Microsoft releases Windows 10 builds 19042.906, 19041.906.
29  Win10 KB5000842 cumulative update fixes freezing issues.
29  Patch Tuesday recap: an ‘Ides of March’ update?
28  This Week in Security – by Zack Whittaker.
27  Weekend task: How to pause – by Susan Bradley.
27  New malware steals data from infected Android devices.
26  The Week in Ransomware – Attacks increase.
26  Apple fixes iOS zero-day vulnerability exploited in the wild.
26  Sierra Wireless partially restores network following attack.
26  Microsoft releases Win10 SSU to fix security update issue.
25  Microsoft releases Windows 10 builds 18363.1474, 17763.1852.
25  Win10 ISO installs may fail to replace Microsoft Edge Legacy.
25  The good and the bad with Chrome’s new security defaults.
25  QNAP warns of brute-force attacks against NAS devices.
25  BackBlaze mistakenly shared backup metadata with Facebook.
24  ProtonVPN CEO Blasts Apple for ‘Aiding Tyrants’ in Myanmar.
24  Windows PSExec privilege elevation vulnerability fixed.
24  Chrome will use HTTPS as the default navigation protocol.
24  Fleeceware apps earn iOS, Android developers millions.
24  Google removes privacy-focused ClearURLs Chrome extension.
23  Tails 4.17 launched with an improved upgrade process.
23  Firefox 87 reduces ETP site breakage with SmartBlock.
23  Malware worms its way into exposed Windows systems.
23  Hobby Lobby exposes customer data in cloud misconfiguration.
23  Microsoft warns of phishing attacks bypassing email gateways.
22  MangaDex manga site temp shut down after cyberattack.
22  Workaround for 0xc004c003 Windows 10 activation errors.
22  Mozilla Firefox adopts new privacy-enhancing Referrer Policy.
22  Critical security bugs fixed in virtual learning software.
21  Win10 KB5001649 update is rolling out again to fix printing.
21  This Week in Security – by Zack Whittaker.
20  Weekend task: Ease of Access tweaks – by Susan Bradley.
20  Hackers used 11 zero-days to attack Windows, iOS, Android.
19  The Week in Ransomware – Highest ransom ever!
19  Facebook outage affects WhatsApp, Messenger, & Instagram.
19  Bogus Android app drops credential-swiping malware.
19  Win10 emergency updates fix remaining printing issues.
19  Let’s get Mikey to try it – by Susan Bradley.
18  New malware steals Google, Apple, Facebook accounts.
18  Facebook now supports physical security keys in mobile apps.
18  US taxpayers targeted with RAT malware in phishing attacks.
18  Phishing emails are spreading this sophisticated malware.
18  Microsoft warns of more printing issues after March updates.
17  Microsoft auto-installs the Windows 10 WebView2 Runtime.
17  $4,000 COVID-19 ‘relief checks’ cloak Dridex malware.
17  Twitter images can be abused to hide ZIP, MP3 files.
17  Fintech Giant Fiserv Used Unclaimed Domain.
16  Microsoft explains the cause of yesterday’s service outage.
16  Botnet targets network security devices with critical exploits.
16  Microsoft Office vulnerability is still popular with hackers.
16  Hackers hide credit card data from stores in JPG file.
16  Can We Stop Pretending SMS Is Secure Now?
15  Win10 emergency updates released to fix printing crashes.
15  Google warns Mac, Windows users of Chrome zero-day flaw.
15  Office issue causing memory, disk space errors fixed.
14  This Week in Security – by Zack Whittaker.
13  Weekend task: what security scanner do you use?
13  Microsoft Edge & Chrome to use a 4-week release cycle.
13  Linux kernel bugs let attackers gain root privileges.
13  Microsoft shares temporary fix for Win10 printing crashes.
12  The Week in Ransomware – Encrypting Exchange servers.
12  Google fixes second Chrome zero-day this month.
12  Botnet malware deploys honeypots to find more targets.
11  New Firefox fixes Linux crashes, Apple Silicon hangs.
11  Chinese hackers target Linux systems with new malware.
11  Microsoft confirms Windows 10 crash due to updates.
10  Win10 crashes when printing due to Microsoft updates.
09  Microsoft Edge Legacy has reached the end of life today.
09  Here’s what’s new for Windows 8.1 & 7 this Patch Tuesday.
09  Windows 10 Cumulative Updates released.
09  Microsoft Patch Tuesday fixes 82 flaws, 2 zero-days.
09  Adobe fixes Creative Cloud, Adobe Connect vulnerabilities.
08  Microsoft 365 adds ‘External’ email tags for more security.
08  Chrome to block port 554 to stop NAT Slipstreaming attacks.
08  Surface Go and Laptop Go get new firmware updates.
08  QNAP devices are being hacked to mine cryptocurrency.
07  This Week in Security – by Zack Whittaker.
07  Office 365 gets protection against malicious XLM macros.
06  Weekend task: check your logins – by Susan Bradley.
06  Samsung fixes critical Android bugs in March updates.
06  FLoC: Google’s alternative to individual tracking.
05  The Week in Ransomware – Targeting service providers.
05  Data breach affects millions of travelers from major airlines.
05  Surface Laptop 1 & 2 get new firmware & driver updates.
04  PowerToys 0.33.1 is out with new features and fixes.
04  Runtime inspection of XLM macros now available in Excel.
04  Hijacking traffic to Microsoft’s with bit flipping.
03  GRUB2 boot loader reveals high severity vulnerabilities.
03  US warns of Social Security scams using fake federal IDs.
03  Windows 10 20H2 is being force installed on more devices.
03  Cash App phishing kit deployed, courtesy of 16Shop.
02  March Office non-Security Updates are now available.
02  Google fixes the second Chrome zero-day bug this year.
02  Malicious NPM packages target Amazon and Slack.
01  Windows and Linux Spectre exploits found on VirusTotal.
01  Passwords, private posts exposed in Gab social network.